Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/cToDW6xq5TNn5u7-i9njJkqmMuc.roa
File:                     cToDW6xq5TNn5u7-i9njJkqmMuc.roa (raw, json)
Hash identifier:          qrjxU4G4MSwj8PxXvIZKr+oVfnUmgCvj4Ge23f+cvDs=
Subject key identifier:   71:3A:03:5B:AC:6A:E5:33:67:E6:EE:FE:8B:D9:E3:26:4A:A6:32:E7
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       0186911F06FEB7CC751F9780CCD268603678
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/cToDW6xq5TNn5u7-i9njJkqmMuc.roa
Signing time:             Mon 27 Feb 2023 04:26:15 +0000
ROA not before:           Mon 27 Feb 2023 04:26:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 27 Mar 2023 19:08:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:91:1f:06:fe:b7:cc:75:1f:97:80:cc:d2:68:60:36:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Feb 27 04:26:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=713a035bac6ae53367e6eefe8bd9e3264aa632e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:8e:63:82:f9:c7:34:c5:a2:88:21:2e:2a:
                    17:2d:2f:75:61:bb:46:e6:7d:ac:12:2f:b6:4f:da:
                    6b:54:e6:02:e3:e0:17:95:34:d8:8c:d5:ec:45:e6:
                    65:e6:bf:0c:72:01:c4:9d:06:e4:77:f1:b7:11:26:
                    c4:8a:2e:e0:93:95:01:59:fd:a8:81:7d:78:a6:9c:
                    81:87:f6:cf:e1:ab:a5:50:da:e4:08:74:0e:5f:db:
                    b1:3c:1e:5b:bb:e0:48:aa:a9:d0:f7:f0:d4:19:54:
                    2a:ce:63:21:e9:7f:d7:1b:64:54:fe:4a:19:fb:7e:
                    9d:d1:f7:0b:43:70:e3:fc:f9:4b:92:43:d6:a1:d5:
                    64:99:2f:ce:da:bc:7a:af:85:43:1c:75:e6:05:48:
                    d6:e7:79:92:35:0b:78:21:68:f0:c9:cc:ed:4c:78:
                    52:28:72:88:b8:0b:7d:4b:3e:7c:d9:1e:92:cc:11:
                    c9:57:66:a9:ce:83:df:ec:c0:33:e1:32:f3:46:39:
                    d7:aa:0f:43:26:d7:28:5a:47:10:62:34:7b:da:d9:
                    f5:c4:cf:50:55:28:c9:89:84:78:16:ef:a9:7c:86:
                    25:fc:35:01:c5:4e:d6:fd:2e:5f:1d:be:92:5a:68:
                    13:c6:ba:1c:3f:8f:9c:7a:a7:c2:21:be:68:b2:e3:
                    a9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:3A:03:5B:AC:6A:E5:33:67:E6:EE:FE:8B:D9:E3:26:4A:A6:32:E7
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/cToDW6xq5TNn5u7-i9njJkqmMuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0/24
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:01:d2:93:ac:b7:45:20:a4:85:8b:85:6c:9a:5e:6b:18:55:
         0e:9a:ee:5d:6a:d4:90:89:c7:22:75:02:e1:9d:72:1f:ac:d8:
         e3:e6:1d:ec:e5:94:26:7f:17:64:a3:c4:da:a9:c7:12:7a:35:
         7c:26:c7:bb:bf:87:8a:68:db:0b:1a:d8:51:b0:81:46:5d:36:
         aa:a5:b9:88:61:4f:b3:3e:bb:81:4e:d9:e9:0b:39:d8:42:46:
         09:31:55:0d:30:d9:79:68:4c:77:79:36:55:12:c2:07:9e:80:
         53:37:f2:d0:44:7c:1f:43:5f:52:e3:6d:f8:73:73:4e:7f:7f:
         4d:f3:ff:dd:14:ed:eb:45:fb:f9:56:fb:e3:74:ae:d5:ef:e3:
         96:7c:b9:e3:de:ab:1a:20:dd:c6:c7:5c:ac:11:ac:91:08:4c:
         c7:e9:a5:f2:d7:e7:e8:0b:77:ea:56:fa:b2:fa:f4:bd:e7:f5:
         4d:32:46:62:e7:db:c8:29:f8:a1:60:74:18:fc:55:c1:63:17:
         f6:c0:ee:b3:67:c4:fe:0b:59:37:d8:ce:c9:3d:ea:c0:bc:1a:
         ae:d1:3f:56:4b:43:dc:e5:6d:d0:3e:3e:27:68:fb:0d:86:f7:
         ea:40:12:08:73:ae:50:e5:15:87:2a:bd:9a:03:9a:d3:b7:da:
         95:67:41:e0
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYaRHwb+t8x1H5eAzNJoYDZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMwMjI3MDQyNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTNhMDM1YmFjNmFlNTMzNjdlNmVlZmU4YmQ5ZTMyNjRhYTYzMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZSOY4L5xzTFooghLioXLS91YbtG
5n2sEi+2T9prVOYC4+AXlTTYjNXsReZl5r8McgHEnQbkd/G3ESbEii7gk5UBWf2o
gX14ppyBh/bP4aulUNrkCHQOX9uxPB5bu+BIqqnQ9/DUGVQqzmMh6X/XG2RU/koZ
+36d0fcLQ3Dj/PlLkkPWodVkmS/O2rx6r4VDHHXmBUjW53mSNQt4IWjwycztTHhS
KHKIuAt9Sz582R6SzBHJV2apzoPf7MAz4TLzRjnXqg9DJtcoWkcQYjR72tn1xM9Q
VSjJiYR4Fu+pfIYl/DUBxU7W/S5fHb6SWmgTxrocP4+ceqfCIb5osuOpNwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFHE6A1usauUzZ+bu/ovZ4yZKpjLnMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvY1RvRFc2eHE1VE5uNXU3LWk5bmpKa3FtTXVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAsBAIAATAmMAwDBAFo96oD
BABo97QDBABo97YDBABo97gDBAK5SYADBAC5idcwDwQCAAIwCQMHACoDpaAAATAN
BgkqhkiG9w0BAQsFAAOCAQEAcgHSk6y3RSCkhYuFbJpeaxhVDpruXWrUkInHInUC
4Z1yH6zY4+Yd7OWUJn8XZKPE2qnHEno1fCbHu7+HimjbCxrYUbCBRl02qqW5iGFP
sz67gU7Z6Qs52EJGCTFVDTDZeWhMd3k2VRLCB56AUzfy0ER8H0NfUuNt+HNzTn9/
TfP/3RTt60X7+Vb743Su1e/jlny5496rGiDdxsdcrBGskQhMx+ml8tfn6At36lb6
svr0vef1TTJGYufbyCn4oWB0GPxVwWMX9sDus2fE/gtZN9jOyT3qwLwartE/VktD
3OVt0D4+J2j7DYb36kASCHOuUOUVhyq9mgOa07falWdB4A==
-----END CERTIFICATE-----